fem-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes FreeFEM++ simulation scripts and utilizes various Python and Node.js command-line tools for visualization and project management.
- Evidence: Automated execution of the
FreeFem++binary to solve generated.edpfiles as described in the workflow ofSKILL.md. - Evidence: Instructions for using
uv run pythonandnpm run devto facilitate visualization and interactive 3D viewing inreferences/project_setup.md. - [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install essential development tools using official installation scripts from trusted and well-known sources.
- Evidence: Fetches the Homebrew installation script from Cloudflare-protected official domains.
- Evidence: Downloads the
uvenvironment manager from Astral's official installation URL. - Evidence: Retrieves the
fnmNode.js manager using its official Vercel-hosted install script. - [PROMPT_INJECTION]: The skill's primary function is to transform natural language problem descriptions into executable FreeFEM++ code, which creates a potential surface for indirect prompt injection.
- Ingestion points: Natural language problem descriptions and user-provided geometry specifications processed in
SKILL.md. - Boundary markers: The skill relies on an AI self-evaluation loop to verify simulation outputs, though explicit delimiters for user input are not enforced in the templates.
- Capability inventory: The agent can execute generated code via the
FreeFem++solver, which supports file I/O operations and plugin loading. - Sanitization: No explicit code-level sanitization of user input is documented before its interpolation into simulation code templates.
Audit Metadata